Firefox 40 Features Updates, Patches, Including One for Stagefright

Mozilla today released its Firefox 40 open-source Web browser, providing Windows, Mac, Linux and Android users with updated features as well as multiple patches across 14 security advisories.

The biggest visual change in Firefox 40, however, will be seen only by Windows 10 users, who get a new look that integrates with Microsoft's new operating system. Linux users will now benefit from improved scrolling and graphics, an extension of Mozilla's Project Silk, which debuted for Mac OS X users with Firefox 39 in July.

"Firefox 40 now issues a warning if you visit a page known to contain deceptive software that can make undesirable changes to your computer," Francois Marier, security and privacy engineer at Mozilla, wrote in a blog post.

The deceptive software identification comes to Firefox 40 by way of improvements in the Google Safe Browsing API. Firefox has been integrating Google's Safe Browsing technology since 2006 with Firefox 2.0.

Mozilla is also beginning to roll out improvements for securing third-party add-ons, with a process in place by which Mozilla will certify add-ons. In Firefox 40, however, Mozilla isn't yet enforcing add-on certification for end users. The current plan is that in a future Firefox release, non-certified add-ons will be blocked by default.

"Today, you will start seeing warnings next to unsigned add-ons in Firefox, but no add-ons will be automatically disabled," Mozilla stated in its Firefox 40 release notes. "These warnings will inform you about add-ons that have not been certified by Mozilla and we're working with add-on developers to help them meet our standards and make add-ons safer for you."

Mozilla is also issuing 14 security advisories alongside the Firefox 40 release. Four of those 14 advisories are rated by Mozilla as being critical. One of the critical advisories is labeled by Mozilla as MFSA-2015-79 and details miscellaneous memory safety hazards.

In addition, one of the critical advisories fixes a flaw in the libstagefright media library. Libstagefright was also recently implicated in a major vulnerability in Android, which has already been patched by Google. The Stagefright vulnerability in Android was reported to Google by security researchers at Zimperium. For Firefox, there are actually four different libstagefright issues, reported by four different security researchers, including an anonymous researcher working with HP's Zero Day Initiative, independent security researcher Massimiliano Tomassoli, a security researcher only identified as "security researcher laf.intel" and Mozilla security engineer Tyson Smith.

"Each of these reported issues result in potentially exploitable crashes that could allow for remote code execution," Mozilla warned in its advisory.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.